I've recently installed XAMPP on my Mac OS X 10.6.8, and this has caused me to reevaluate how I have my firewall set up. Right now I am using the two firewalls that came pre-installed on my computer:

ipfw packet-filtering firewall

Application firewall

In my experience, applications err on the side of usability and as a result have insecure default settings. Given this, I figure I'll need to make some changes (either in ipfw.conf or the Security Pane) to properly harden my network. This is especially important now that I will be running an XAMPP server (for local development only).

What changes should be made to the default settings on the Apple firewalls in order to properly secure your computer/server?

XAMPP is not meant for production use, so out of the box it is deliberately very insecure. You're not meant to use it for anything serious, so they turn lots of security features off to make it easy to use. You can reverse these deliberate weaknesses by running the lampp security command.
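The following is an added example, not part of the original question or answer: a check that the services XAMPP bundles are listening on loopback only, which is what "local development only" requires regardless of firewall rules. The port list (Apache, MySQL, ProFTPD defaults) and the sample output, written in the format `netstat -an -p tcp` prints on Mac OS X, are assumptions constructed for illustration.

```python
# Added example: flag XAMPP services that listen beyond the loopback interface.
# Assumption: XAMPP's usual default ports for ProFTPD, Apache and MySQL.
XAMPP_PORTS = {21: "ProFTPD", 80: "Apache HTTP", 443: "Apache HTTPS", 3306: "MySQL"}
LOOPBACK_PREFIXES = ("127.", "::1")

# Constructed sample in Mac OS X netstat layout (address and port joined by a dot).
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp46      0      0  *.443                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.0.2.10.80          198.51.100.7.51544     ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, non-TCP rows and established connections.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # The port is whatever follows the last dot of the local address.
        addr, _, port = fields[3].rpartition(".")
        if port.isdigit():
            yield addr, int(port)


def exposed_xampp_services(netstat_text, ports=XAMPP_PORTS):
    """Return (service, address, port) for XAMPP ports bound off-loopback."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if port in ports and not addr.startswith(LOOPBACK_PREFIXES):
            findings.append((ports[port], addr, port))
    return sorted(findings, key=lambda f: f[2])


if __name__ == "__main__":
    for name, addr, port in exposed_xampp_services(SAMPLE_NETSTAT):
        print(f"{name} listens on {addr}:{port}, reachable beyond loopback")
```

Any service it reports is bound to the wildcard or a routable address, so it is a candidate for a loopback-only bind in its own configuration or for a packet-filter rule that blocks inbound traffic to that port.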